Cisco Cisco Email Security Appliance X1050 Troubleshooting Guide
Configure LDAP SMTPAUTH To Authenticate
External Users and Relay Mail
External Users and Relay Mail
Document ID: 118545
Contributed by Cisco TAC Engineers.
Oct 09, 2014
Contents
Introduction
Procedure
Procedure
Introduction
This document describes how to configure LDAP SMTPAUTH to authenticate external users and relay mail.
Procedure
Setting up relaying functionality for external users who are outside of the company's network that use Outlook
Express or Mozilla Thunderbird or similar mail clients.
Express or Mozilla Thunderbird or similar mail clients.
Note: Before setting up LDAP SMTPAUTH, you need to configure an LDAP profile that connects to a
Domain Controller, Active Directory, etc. This can be done in the System Administration > LDAP section.
Domain Controller, Active Directory, etc. This can be done in the System Administration > LDAP section.
After the LDAP profile has been set up and is working, choose System Administration > LDAP.
Click the server profile you want to change, then select the SMTP Authentication Query checkbox.
Click the server profile you want to change, then select the SMTP Authentication Query checkbox.
1.
In the Query String field, enter samaccountname= {u}) for Active Directory. (It may be different for
Lotus, Novell.)
Lotus, Novell.)
2.
For the Authentication Method, use: Authenticate via LDAP BIND. (The other settings can be left as
default.)
default.)
Submit and Commit your changes. Perform a few tests to confirm that the authentication works. You
should submit your windows credentials (for example, jsmith/*****) If it doesn't accept the
credentials, verify if LDAP Accept works up top.
should submit your windows credentials (for example, jsmith/*****) If it doesn't accept the
credentials, verify if LDAP Accept works up top.
3.
Choose Network > SMTP Authentication > Add Profile... and select LDAP as the Profile
Type. Submit and Commit your changes.
Type. Submit and Commit your changes.
4.
Choose Network > Listener and either public or private listener to enable the LDAP profile for this
listener.
listener.
5.
For the SMTP Authentication Profile, select the LDAP profile that you created in the previous step.
Submit and Commit your changes.
Submit and Commit your changes.
6.
Choose Mail Policies > Mail Flow Policies. Make sure you select the correct Listener at the
top. Select the Listener/IP address that external users will be connecting on.
top. Select the Listener/IP address that external users will be connecting on.
7.
Once the correct listener in the Mail Flow Policies is selected, click Default Policy Parameters.
8.
In Default Policy Parameters scroll down to the bottom to the Security Features section. For the
SMTP Authentication, set it to Preferred.
SMTP Authentication, set it to Preferred.
9.
Submit and Commit your changes.
10.